RE: [Sip] sips: upgrading allowed or not
"Hadriel Kaplan" <HKaplan@acmepacket.com> Wed, 28 March 2007 00:04 UTC
Return-path: <sip-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1HWLe3-00087r-GZ; Tue, 27 Mar 2007 20:04:07 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1HWLe2-00087m-NF for sip@ietf.org; Tue, 27 Mar 2007 20:04:06 -0400
Received: from host10.216.41.24.conversent.net ([216.41.24.10] helo=acmepacket.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1HWLdz-0008Sx-4G for sip@ietf.org; Tue, 27 Mar 2007 20:04:06 -0400
Received: from hkaplan [217.41.228.52] by acmepacket.com with ESMTP (SMTPD-9.10) id A0E20284; Tue, 27 Mar 2007 20:03:46 -0400
From: Hadriel Kaplan <HKaplan@acmepacket.com>
To: 'Francois Audet' <audet@nortel.com>, 'Jonathan Rosenberg' <jdrosen@cisco.com>, 'IETF SIP List' <sip@ietf.org>
References: <46091EB2.6020303@cisco.com> <1ECE0EB50388174790F9694F77522CCF0FC5A439@zrc2hxm0.corp.nortel.com>
Subject: RE: [Sip] sips: upgrading allowed or not
Date: Tue, 27 Mar 2007 20:03:04 -0400
Message-ID: <026601c770cc$7695b330$800101df@acmepacket.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 11
Thread-Index: AcdwddKpYbqocH84S7y1P1hQuUzOjQAGRhfgAA8AURA=
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3028
In-Reply-To: <1ECE0EB50388174790F9694F77522CCF0FC5A439@zrc2hxm0.corp.nortel.com>
X-Spam-Score: 0.1 (/)
X-Scan-Signature: 501044f827b673024f6a4cb1d46e67d2
Cc:
X-BeenThere: sip@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Session Initiation Protocol <sip.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:sip@ietf.org>
List-Help: <mailto:sip-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=subscribe>
Errors-To: sip-bounces@ietf.org
I also agree upgrading should not be allowed to make life simpler, but my concern is isn't it too late? I mean how many 3261-compliant boxes out there will retarget upgrade? So if sips suddenly becomes a (more) popular thing, how would the UAS know if the request traversed a 3261-only proxy which upgraded, vs. traversed this newer proposal proxies only? It will have to do the checks no matter what, no? And the bad scenario of sips contact can still occur. (or maybe I missed the point) But at least if you specify NOT to do it and why in your draft then it will help proxy makers avoid the sips contact issue. So it still has some value. -hadriel > -----Original Message----- > From: Francois Audet [mailto:audet@nortel.com] > Sent: Tuesday, March 27, 2007 3:36 PM > To: Jonathan Rosenberg; IETF SIP List > Subject: RE: [Sip] sips: upgrading allowed or not > > I agree with Jonathan's proposal. > > Here is a slighly different perspective on it however. I'll keep > rethorical arguments > out of it, and stick to protocol. > > - Disallowing re-targeting "upgrades" from SIP to SIPS by a proxy would > be > a normative change to RFC 3261. Section 26.4.4 describes it (3rd > paragraph > on p. 250). That is just an observation. > > - The fact that it is currently allowed means that the UAS receiving the > request > has to go through some fairly esoteric logic to "guess" if the request > was > sent securily on each hop or not. This is described in paragraph 4 of > p. 250, > and section 4.1 of draft-ietf-sip-sips-02 also describes it, with some > modifications. > Those procedures are extremely cludgy and non-deterministic. They are > also misleading > for the UAS, and inconsistent with the use of SIPS and SIP as > described in this draft > (i.e., for the other scenarios of forwarding and retargeting). In all > other instances, > the idea is that when a request is forwarded/retargeted, the scheme is > preserve. > I'd really like to get rid of section 4.1. > > - Jonathan Peterson was proposing that the UAS inspect the To > header to see if > the request was initially targeted at SIPS. This is a subset of > the procedures > of 4.1/draft-ietf-sip-sips and of RFC 3261 (they add stuff like > looking at > Via and other fields). > > - This "upgrading" also forces the use of the double Record-Route in > section 4.2 > of draft-ietf-sip-sips-02. Since we agreed to deprecate the last hop > exception > for downgrading, the SIPS-to-SIP Record-Route scenario will be removed > from the > -03 version. Removing the "upgrade" scenario would also remove the > double > Record-Route for the SIP-to-SIPS, and the net-net is that the whole > section > 4.2 could be removed. > > - Because of rules described in RFC 3261, if a UAS receives an incoming > request with a > SIPS Request-URI, it MUST use a SIPS contact. This is a big problem > for the sender > of the initial request that initiated the dialog if that UAC did not > support SIPS. > If Record-Routing is not used, it will just plainly not work. The UAC > will not be > able to send further requests (like BYE for example). If Record-Route > is used, it > might work (or it might not). The reason it might not work is that > there is possible > that the UAC might "choke" on the SIPS URI in the Contact (because it > doesn't understand > how to parse it). > > - We have corrected to types of problems everywhere else in this > draft. There was > quite a few of them in previous versions. This is the only one > remaining. > > - Note that it would still be possible to "upgrade" by sending SIP over > TLS. In fact, I would > argue that we need to put a requirement to do so when there is already > a TLS connection > opened with the target (as would be the case if Outbound was used, and > the registration was > done over TLS). > > In summary, I favor deprecating the "retargeting upgrade" scenario for > the following reasons: > > - It greatly simplifies the draft, eliminating sections 4.1 and 4.2 > completely. > > - It is much less confusing for the far end. > > - It avoids some nasty protocol level problems that "break" things. > > - You can still use TLS for transport for delivering to that last hop. > > > -----Original Message----- > > From: Jonathan Rosenberg [mailto:jdrosen@cisco.com] > > Sent: Tuesday, March 27, 2007 06:40 > > To: IETF SIP List > > Subject: [Sip] sips: upgrading allowed or not > > > > During the Prague IETF, I shared some opinions on what I > > thought sips needs to look like and why, and wanted to take > > these to the list. > > > > Firstly, what is the point of sips? What does it bring a > > network that it can't get with TLS on some hops, as needed? > > The answer is that certain security benefits are afforded if > > we can assure that every single hop from UAC to UAS was TLS > > protected, and that furthermore, this fact can be > > definitively known by the UAC, UAS, and all proxies along the > > way. If we make the assumption that the UA's trust their > > proxies (please don't question the assumption in this > > thread), then SIPS provides you some very nice security > > properties - confidentiality and integrity from all > > non-trusted entities. We use this property all over our specs > > to secure various extensions. > > > > Given that, sips is broken if it doesn't provide that service > > (tls on each hop with knowledge of such by all entities). FOr > > this reason, I think we need to eliminate the last hop > > exception (uncontroversial I think), but furthermore, I > > believe this extends to retargeting as well. > > I think we clearly need to disallow retargeting or > > downgrading from a sips URI to a sip URI. I think that was > > also largely non-controversial. > > However, I also want to disallow upgrading or retargeting > > from sip to sips. On this, there was some disagreement. > > > > The challenge Jon gave me at the mike was this. As long as a > > UAC inserts a sips URI into the To field and R-URI field when > > it emits a sips request, does not the presence of a sips URI > > in the TO field, and receipt over a TLS connection, assure > > that the request was delivered over TLS at each hop? Had the > > request been sent originally to a sip URI and then upgraded, > > the TO field would not have been sips, but rather sip. > > > > I believe Jon is correct, however I still think it is not a > > good idea. > > My rationale is: > > > > 1. if upgrades are disallowed, redirecting from sip to sips > > works much better. Such a redirection would necesarily have > > to go all the way to the UAC. If we allow upgrades, a proxy > > in the middle could recurse and upgrade. In that case, if the > > reason for the redirection was that the UAS *wanted* TLS on > > each hop, recursing in the middle would destroy that possibility. > > > > 2. The architectural principle behind the first issue, more > > generally, is that the meaning of sips is *SECURE ON EACH HOP > > FROM UAC TO UAS*. To me, this is fundamentally at odds with > > any notion of upgrade or downgrade. > > > > 3. Things become simpler if we forbid upgrades. We can > > eliminate the text on double-record routing sinec a proxy > > would never be sip/sips converting. I think it also just > > generally makes overall processing easier. SIPS means one > > thing and one thing only and its terribly clear what it means. > > > > As such, I stand by my argument that we should forbid upgrades. > > > > -JOnathan R. > > > > -- > > Jonathan D. Rosenberg, Ph.D. 600 Lanidex Plaza > > Cisco Fellow Parsippany, NJ > > 07054-2711 > > Cisco Systems > > jdrosen@cisco.com FAX: (973) 952-5050 > > http://www.jdrosen.net PHONE: (973) 952-5000 > > http://www.cisco.com > > > > _______________________________________________ > > Sip mailing list https://www1.ietf.org/mailman/listinfo/sip > > This list is for NEW development of the core SIP Protocol Use > > sip-implementors@cs.columbia.edu for questions on current sip > > Use sipping@ietf.org for new developments on the application of sip > > > > _______________________________________________ > Sip mailing list https://www1.ietf.org/mailman/listinfo/sip > This list is for NEW development of the core SIP Protocol > Use sip-implementors@cs.columbia.edu for questions on current sip > Use sipping@ietf.org for new developments on the application of sip _______________________________________________ Sip mailing list https://www1.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use sip-implementors@cs.columbia.edu for questions on current sip Use sipping@ietf.org for new developments on the application of sip
- [Sip] sips: upgrading allowed or not Jonathan Rosenberg
- Does TLS have the security benefits claimed? (was… Dean Willis
- Re: Does TLS have the security benefits claimed? … Frank W. Miller
- Re: Does TLS have the security benefits claimed? … Juha Heinanen
- RE: Does TLS have the security benefits claimed? … Samir Srivastava
- Re: Does TLS have the security benefits claimed? … Medhavi Bhatia
- Re: [Sip] sips: upgrading allowed or not Dean Willis
- RE: [Sip] sips: upgrading allowed or not Samir Srivastava
- Re: Does TLS have the security benefits claimed? … David R Oran
- RE: Does TLS have the security benefits claimed? … Francois Audet
- RE: Does TLS have the security benefits claimed? … Samir Srivastava
- RE: Does TLS have the security benefits claimed? … Francois Audet
- Re: Does TLS have the security benefits claimed? … Dean Willis
- RE: Does TLS have the security benefits claimed? … Samir Srivastava
- RE: Does TLS have the security benefits claimed? … Francois Audet
- Re: [Sip] sips: upgrading allowed or not Dean Willis
- [Sip] Securing Other URI (Tel URI) scheme Samir Srivastava
- [Sip] RE: Securing Other URI (Tel URI) scheme Sean Olson
- [Sip] RE: Securing Other URI (Tel URI) scheme Samir Srivastava
- [Sip] Re: Securing Other URI (Tel URI) scheme Dean Willis
- [Sip] RE: Securing Other URI (Tel URI) scheme Sean Olson
- Re: [Sip] RE: Securing Other URI (Tel URI) scheme Dean Willis
- Re: Does TLS have the security benefits claimed? … Frank W. Miller
- [Sip] RE: Securing Other URI (Tel URI) scheme Francois Audet
- Re: Does TLS have the security benefits claimed? … Frank W. Miller
- [Sip] RE: Securing Other URI (Tel URI) scheme Samir Srivastava
- Re: Does TLS have the security benefits claimed? … Dean Willis
- Re: Does TLS have the security benefits claimed? … Dean Willis
- RE: Does TLS have the security benefits claimed? … Samir Srivastava
- Re: Does TLS have the security benefits claimed? … Vijay K. Gurbani
- Re: Does TLS have the security benefits claimed? … Dean Willis
- RE: Does TLS have the security benefits claimed? … Brian Stucker
- Re: [Sip] sips: upgrading allowed or not Michael Thomas
- RE: [Sip] RE: Securing Other URI (Tel URI) scheme Christer Holmberg (JO/LMF)
- RE: [Sip] RE: Securing Other URI (Tel URI) scheme Francois Audet
- RE: [Sip] sips: upgrading allowed or not Hadriel Kaplan
- [Sip] Future work in specification on SIP Security Francois Audet
- RE: [Sip] RE: Securing Other URI (Tel URI) scheme Samir Srivastava
- RE: [Sip] sips: upgrading allowed or not Francois Audet
- Re: [Sip] sips: upgrading allowed or not Dean Willis
- [Sip] RE: Securing Other URI (Tel URI) scheme Juha Heinanen
- [Sip] RE: Securing Other URI (Tel URI) scheme Juha Heinanen
- RE: [Sip] RE: Securing Other URI (Tel URI) scheme Juha Heinanen
- RE: [Sip] sips: upgrading allowed or not Elwell, John
- RE: [Sip] RE: Securing Other URI (Tel URI) scheme Christer Holmberg (JO/LMF)
- Re: [Sip] RE: Securing Other URI (Tel URI) scheme EKR
- RE: [Sip] RE: Securing Other URI (Tel URI) scheme Christer Holmberg (JO/LMF)
- Re: [Sip] RE: Securing Other URI (Tel URI) scheme Vijay K. Gurbani
- RE: [Sip] sips: upgrading allowed or not Francois Audet
- RE: [Sip] RE: Securing Other URI (Tel URI) scheme Francois Audet
- RE: [Sip] RE: Securing Other URI (Tel URI) scheme Christer Holmberg (JO/LMF)
- RE: [Sip] RE: Securing Other URI (Tel URI) scheme Christer Holmberg (JO/LMF)
- Re: [Sip] RE: Securing Other URI (Tel URI) scheme Eric Rescorla
- RE: [Sip] RE: Securing Other URI (Tel URI) scheme Christer Holmberg (JO/LMF)
- RE: [Sip] RE: Securing Other URI (Tel URI) scheme Samir Srivastava
- RE: [Sip] sips: upgrading allowed or not Hadriel Kaplan
- RE: [Sip] sips: upgrading allowed or not Francois Audet
- RE: [Sip] RE: Securing Other URI (Tel URI) scheme Hadriel Kaplan
- RE: [Sip] sips: upgrading allowed or not Hadriel Kaplan
- RE: [Sip] sips: upgrading allowed or not Samir Srivastava
- [Sip] draft-srivastava-sip-e2e-ciphersuites-00 (w… Hadriel Kaplan
- Re: [Sip] RE: Securing Other URI (Tel URI) scheme Dean Willis
- RE: [Sip] RE: Securing Other URI (Tel URI) scheme Francois Audet
- [Sip] RE: draft-srivastava-sip-e2e-ciphersuites-0… Samir Srivastava
- RE: [Sip] RE: Securing Other URI (Tel URI) scheme Samir Srivastava
- Poll: Do we have sips/sip retageting in the wild … Dean Willis
- RE: Poll: Do we have sips/sip retageting in the w… Francois Audet
- RE: Poll: Do we have sips/sip retageting in the w… Samir Srivastava
- RE: Poll: Do we have sips/sip retageting in the w… Samir Srivastava
- Re: Poll: Do we have sips/sip retageting in the w… Dean Willis
- RE: Poll: Do we have sips/sip retageting in the w… Francois Audet
- RE: Poll: Do we have sips/sip retageting in the w… Samir Srivastava
- [Sip] RE: draft-srivastava-sip-e2e-ciphersuites-0… Hadriel Kaplan
- Re: Poll: Do we have sips/sip retageting in the w… Dean Willis
- Re: Poll: Do we have sips/sip retageting in the w… Dean Willis
- [Sip] SIPS Deployments ( Was Re: Poll: Do we have… Samir Srivastava
- RE: [Sip] SIPS Deployments ( Was Re: Poll: Do we … Samir Srivastava
- [Sip] "Deployments" (sips: and so on) Markus.Isomaki
- RE: [Sip] "Deployments" (sips: and so on) Steve Langstaff
- Re: [Sip] "Deployments" (sips: and so on) Vijay K. Gurbani
- Re: [Sip] "Deployments" (sips: and so on) Vijay K. Gurbani
- Re: [Sip] "Deployments" (sips: and so on) Jiri Kuthan
- RE: Poll: Do we have sips/sip retageting in the w… Francois Audet
- RE: [Sip] "Deployments" (sips: and so on) Samir Srivastava
- Re: Poll: Do we have sips/sip retageting in the w… Dean Willis
- Re: [Sip] RE: Securing Other URI (Tel URI) scheme Cullen Jennings
- Re: [Sip] RE: Securing Other URI (Tel URI) scheme Juha Heinanen
- RE: [Sip] RE: Securing Other URI (Tel URI) scheme Francois Audet
- RE: [Sip] RE: Securing Other URI (Tel URI) scheme Francois Audet
- RE: [Sip] RE: Securing Other URI (Tel URI) scheme Samir Srivastava
- Re: [Sip] RE: Securing Other URI (Tel URI) scheme Dean Willis
- RE: [Sip] RE: Securing Other URI (Tel URI) scheme Juha Heinanen
- RE: [Sip] RE: Securing Other URI (Tel URI) scheme Christer Holmberg (JO/LMF)
- RE: [Sip] RE: Securing Other URI (Tel URI) scheme Juha Heinanen
- Re: [Sip] RE: Securing Other URI (Tel URI) scheme Paul Kyzivat
- RE: [Sip] RE: Securing Other URI (Tel URI) scheme Christer Holmberg (JO/LMF)
- Re: [Sip] RE: Securing Other URI (Tel URI) scheme Juha Heinanen
- Re: [Sip] RE: Securing Other URI (Tel URI) scheme Stastny Richard
- RE: [Sip] RE: Securing Other URI (Tel URI) scheme Francois Audet
- Re: [Sip] RE: Securing Other URI (Tel URI) scheme Juha Heinanen
- RE: [Sip] RE: Securing Other URI (Tel URI) scheme Francois Audet
- Re: [Sip] RE: Securing Other URI (Tel URI) scheme Stastny Richard
- RE: [Sip] RE: Securing Other URI (Tel URI) scheme Francois Audet
- RE: [Sip] RE: Securing Other URI (Tel URI) scheme Juha Heinanen
- RE: [Sip] Securing Other URI (Tel URI) scheme Francois Audet
- Re: [Sip] RE: Securing Other URI (Tel URI) scheme Juha Heinanen
- RE: [Sip] RE: Securing Other URI (Tel URI) scheme Juha Heinanen
- RE: [Sip] RE: Securing Other URI (Tel URI) scheme Christer Holmberg (JO/LMF)
- RE: [Sip] RE: Securing Other URI (Tel URI) scheme Francois Audet
- RE: [Sip] RE: Securing Other URI (Tel URI) scheme Francois Audet
- RE: [Sip] RE: Securing Other URI (Tel URI) scheme Juha Heinanen
- Re: [Sip] RE: Securing Other URI (Tel URI) scheme Dean Willis
- RE: [Sip] RE: Securing Other URI (Tel URI) scheme Samir Srivastava
- RE: [Sip] RE: Securing Other URI (Tel URI) scheme Juha Heinanen
- Re: [Sip] RE: Securing Other URI (Tel URI) scheme Dean Willis
- Re: [Sip] RE: Securing Other URI (Tel URI) scheme Michael Thomas
- Re: [Sip] Securing Other URI (Tel URI) scheme Scott Lawrence
- Re: [Sip] RE: Securing Other URI (Tel URI) scheme Juha Heinanen
- Re: [Sip] Securing Other URI (Tel URI) scheme Juha Heinanen
- Re: [Sip] RE: Securing Other URI (Tel URI) scheme Michael Thomas
- Re: [Sip] Securing Other URI (Tel URI) scheme Paul Kyzivat
- RE: [Sip] RE: Securing Other URI (Tel URI) scheme Christer Holmberg (JO/LMF)
- RE: [Sip] Securing Other URI (Tel URI) scheme Samir Srivastava
- Re: [Sip] Securing Other URI (Tel URI) scheme Dean Willis
- Re: [Sip] Securing Other URI (Tel URI) scheme Dean Willis
- Re: [Sip] Securing Other URI (Tel URI) scheme Paul Kyzivat
- Re: [Sip] Securing Other URI (Tel URI) scheme Michael Thomas
- Re: [Sip] Securing Other URI (Tel URI) scheme Dean Willis
- Re: [Sip] Securing Other URI (Tel URI) scheme Michael Thomas
- RE: [Sip] Securing Other URI (Tel URI) scheme Dwight, Timothy M (Tim)
- RE: [Sip] Securing Other URI (Tel URI) scheme Francois Audet
- RE: [Sip] Securing Other URI (Tel URI) scheme Dwight, Timothy M (Tim)
- RE: [Sip] Securing Other URI (Tel URI) scheme Samir Srivastava
- Re: [Sip] Securing Other URI (Tel URI) scheme Juha Heinanen
- Re: [Sip] Securing Other URI (Tel URI) scheme Dean Willis
- Re: [Sip] RE: Securing Other URI (Tel URI) scheme Scott Lawrence
- RE: Poll: Do we have sips/sip retageting in the w… Charles Eckel (eckelcu)
- RE: Poll: Do we have sips/sip retageting in the w… Samir Srivastava
- RE: Poll: Do we have sips/sip retageting in the w… Francois Audet
- RE: Poll: Do we have sips/sip retageting in the w… Charles Eckel (eckelcu)
- RE: Poll: Do we have sips/sip retageting in the w… Samir Srivastava
- Re: Poll: Do we have sips/sip retageting in the w… Cullen Jennings
- [Sip] draft-ietf-sip-sips-03: option-tag or not Francois Audet
- [Sip] RE: draft-ietf-sip-sips-03: option-tag or n… Charles Eckel (eckelcu)